Saturday, July 27, 2013

Recently, I received an email that was supposed to have come from my hosting company. It said I needed to confirm a request for changing of a tariff plan. However, the wording was awful and it was very non-specific as to the recipient. The email I got was as follows:

Dear DreamHost client,

In your account has been created request for changing of a tariff plan. It is necessary confirmation of this request. You can do it in the section (Change tariff) Virtual Offices :

Someone who is rushing may not read the contents of this email and just click the link. This clever scammer set up a catch-all subdomain so that the link would even appear to be directing to DreamHost. The link would take you here:

This happens to be the ISP end point, a company in Lebanon called Terra Net. This company has chosen to not disclose more information about the scammers.

So looking at the main website for kidea.com, we find out some interesting information. One, that they used a company called art-promotion to build and design their site. This company happens to also be in Lebanon, so I looked up their whois and found their contact information and that they were also hosted on bluehost.com.

So I went to look closer at kidea.com and found that this might be a cover site (or some poor site that got hacked). The poor design and lack of ecommerce functionality are what seem to indicate that there was more than meets the eye. You can't check out with any of the items they sell. It's difficult to think that isn't part of the scam.

Regardless of who this phishing scam came from, be sure to take the time to read your emails before you go clicking links and signing in.
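The catch-all subdomain trick described above works because people read a hostname left to right, while ownership is decided by its rightmost labels. The following is an added example, not code from the original post: it classifies links by the host a browser would actually connect to, and goes slightly beyond the post by also catching the brand placed in the userinfo part of a URL. The `phish.example` hostnames and the sample email are constructed placeholders, and `EXPECTED_DOMAIN` is an assumption about where the real login lives.

```python
import re
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "dreamhost.com"  # assumption: domain of the genuine login page
BRAND = "dreamhost"                # brand string a lookalike link would borrow

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample email; phish.example is a placeholder, not the real link.
SAMPLE_EMAIL = """Dear client,
Confirm the request here: http://dreamhost.com.phish.example/change-tariff
Help: https://www.dreamhost.com/support/
Unsubscribe: http://dreamhost.com@phish.example/u
News: https://example.org/news
"""


def classify_link(url, expected=EXPECTED_DOMAIN, brand=BRAND):
    """Classify a URL by the host the browser would really connect to."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "malformed"
    # Legitimate only when the expected domain is the rightmost part of the
    # hostname: the domain itself or one of its subdomains.
    if host == expected or host.endswith("." + expected):
        return "legitimate"
    # The brand shows up in the authority (left-hand labels or userinfo),
    # but the host is not under the expected domain.
    if brand in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def suspicious_links(text):
    """Return every URL in the text that borrows the brand without owning it."""
    return [u for u in URL_RE.findall(text) if classify_link(u) == "lookalike"]


if __name__ == "__main__":
    for link in URL_RE.findall(SAMPLE_EMAIL):
        print(f"{classify_link(link):<11} {link}")
```
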